Authentication codes are a common form of 2FA. Google’s G- verification is one way Google authenticates users. A Twitter user said he received a G- verification code that contained an ad and link for a VPN to a well-known AV company. It did not appear to be phishing but a legitimate ad. Google relies on wireless carriers who use the SS7 spec which is still not yet encrypted. Having a carrier go off script is a little unnerving. This incident is said to involve a carrier in Australia. Google responded to 9-5 Mac and is investigating.